<?php
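// Bootstrap for this entry script: session, error settings, database handle,
// site configuration rows and the default timezone.
// NOTE(review): session cookie flags (HttpOnly / Secure / SameSite) are not set
// here - confirm they are configured in php.ini or before this point.
session_start();

// Error details are kept out of HTTP responses.
// NOTE(review): error_reporting(E_ERROR) also keeps warnings and notices out of
// the error log, so failed queries or includes may go unnoticed; consider
// logging at a wider level while leaving display_errors off.
ini_set("display_errors", "Off");
error_reporting(E_ERROR);

include_once ("mysql_class.php");
include_once ("config.php");

// The constant name is passed as a quoted string. The bare word CONTROLLER only
// worked through PHP's "undefined constant -> string" fallback, which raises an
// Error on PHP 8.
define('CONTROLLER', 'b.php');

// $web_* connection settings are presumably defined in config.php - confirm.
$db = new db;
$db->connect($web_datahost, $web_datauser, $web_datapassword, $web_database, $web_pconnect);

// Load every row of yj_config into $yj_config, keyed 1..N in result order.
$res = $db->query(" select * from yj_config where 1");
$key = 1;
$yj_config = array();
while ($rs = $db->fetch_array($res)) {
	$yj_config[$key] = $rs;
	$key++;
}

if (function_exists('date_default_timezone_set')) {
	date_default_timezone_set('Asia/Chongqing');
}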

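/**
 * Report whether a value contains any entry of the SQL / path keyword blocklist.
 *
 * The match is a case-insensitive substring test, so ordinary input such as a
 * name containing an apostrophe, or a word containing "update" or "into", is
 * flagged as well.
 *
 * This is a coarse input filter only. It does not make string-built SQL safe;
 * queries that take request data should use prepared statements or the
 * driver's own escaping.
 *
 * @param mixed $sql_str Value to inspect; it is cast to string before matching.
 * @return int|false 1 when a blocklisted token is present, false otherwise
 *                   (the same truthy/falsy contract the eregi() call had).
 */
function inject_check($sql_str) {
	// eregi() was removed in PHP 7.0; preg_match() with the /i flag applies the
	// same alternation case-insensitively.
	$hit = preg_match(
		'/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i',
		(string) $sql_str
	);

	// preg_match() yields 1, 0 or false; callers only ever saw "truthy or false".
	return $hit === 1 ? 1 : false;
}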

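/**
 * Filter a request value before it is used elsewhere in the application.
 *
 * Steps, in order: abort the request if inject_check() flags the value, add
 * slashes when magic quotes are not active, prefix "_" and "%" with "/", then
 * run the result through htmldecode().
 *
 * NOTE(review): addslashes() is not aware of the connection character set and
 * is not a reliable SQL escape on its own; prepared statements or the
 * database driver's escaping should be used where this value reaches a query.
 * NOTE(review): the "/_" and "/%" prefixes look like LIKE-wildcard escapes,
 * which only work if the queries declare ESCAPE '/' - confirm against callers.
 * htmldecode() afterwards removes every "%", so "/%" ends up as a bare "/".
 * NOTE(review): the value is HTML-encoded here, at input time, so the same
 * string carries both SQL and HTML escaping; confirm that callers expect that.
 *
 * @param string $str Raw value, typically taken from request data.
 * @return string The filtered value. The script exits with 'error parameter!'
 *                when inject_check() matches.
 */
function str_check($str){
	if (inject_check($str)) { exit('error parameter!'); }

	// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0.
	// When it is missing, magic quotes cannot be on, so slashes are always added.
	$magic_quotes_on = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	if (!$magic_quotes_on) {
		$str = addslashes($str);
	}

	$str = str_replace("_", "/_", $str);
	$str = str_replace("%", "/%", $str);
	$str = htmldecode($str);
	return $str;
}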

/**
 * Strip markup, punctuation and SQL keywords from a string.
 *
 * Despite the name, nothing is decoded: tags are removed with strip_tags(),
 * the remainder is entity-encoded with htmlspecialchars(), and then a fixed
 * list of characters and lowercase keywords is deleted.
 *
 * Caveats for maintainers:
 * - Keyword removal is case-sensitive and single-pass, so it must not be
 *   treated as protection against SQL injection. Use prepared statements.
 * - ";" is deleted after entity encoding, so entities lose their terminator
 *   (for example "&amp;" becomes "&amp").
 * - Any value that empty() treats as empty, including the string "0",
 *   returns "".
 * - NOTE(review): htmlspecialchars() has already encoded every "<" and ">"
 *   before the tag patterns run, so those patterns appear to have nothing
 *   left to match - confirm before relying on them.
 * - NOTE(review): "/\f\r\t\v/" matches the four control characters only as a
 *   consecutive sequence; a character class may have been intended.
 *
 * @param string $str Input text.
 * @return string Filtered text, or "" for empty input.
 */
function htmldecode($str) {
	if (empty($str) || "" == $str) {
		return "";
	}

	// Remove tags first, then entity-encode whatever is left.
	$clean = htmlspecialchars(strip_tags($str));

	// Deleted in this order; str_replace() applies each entry to the result
	// of the previous one, which is what the chained calls did.
	$unwanted = array(
		"?", "*", "!", "~", '$', "%", "^",
		"select", "join", "union", "where", "insert", "delete", "update",
		"like", "drop", "create", "modify", "rename", "alter", "cast",
		"truncate", "exec",
		";", "=",
	);
	$clean = str_replace($unwanted, "", $clean);

	// Pass 1: delete script/frame/object/meta tags and inline on* handlers.
	$removePatterns = array(
		"/\f\r\t\v/",
		"/<(\/?)(script|i?frame|object|meta|\?|\%)([^>]*?)>/isU",
		"/(<[^>]*)on[a-zA-Z]\s*=([^>]*>)/isU",
	);
	$clean = preg_replace($removePatterns, array(" ", "", "\\1\\2"), $clean);

	// Pass 2: page-structure tags (style/html/body/title/link) are rewritten
	// with entity-encoded brackets instead of being deleted.
	$escapePatterns = array(
		"/\f\r\t\v/",
		"/<(\/?)(style|html|body|title|link|\?|\%)([^>]*?)>/isU",
		"/(<[^>]*)on[a-zA-Z]\s*=([^>]*>)/isU",
	);
	$clean = preg_replace($escapePatterns, array(" ", "&lt;\\1\\2\\3&gt;", "\\1\\2"), $clean);

	return $clean;
}

